To enable remote syslog events you'll need to do the following:
In this file follow the comments to enable the network listener. You'll want to end up with something like this:
<!-- Un-comment the following lines to enable the network syslog protocol listener. --> <key>NetworkListener</key> <dict> <key>SockServiceName</key> <string>syslog</string> <key>SockType</key> <string>dgram</string> </dict>
Then a restart of the service is in order. After this if you fire up Console.app and browse 'All Messages' anything logged by other devices will be shown over here. Working fine with the Netgear DG834G router when set to "Syslog > Broadcast on LAN".
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
Now all that's left todo is to figure out a way to identity posts from the router and shove 'em out via Growl. If you're curious here is a sample entry from /private/var/log/system.log From this I guess what I need to grep for is my IP address?
13/06/2009 23:29:22 TCP Packet - Source 220.127.116.11 Destination:18.104.22.168 - [PORT SCAN]